Indian Standard
GUIDE FOR PHYSICAL PLANNING OF COMPUTER COMPLEXES
PART 3 SECURITY CONSIDERATIONS

0. FOREWORD

0.1 This Indian Standard ( Part 3 ) was adopted by the Indian Standards Institution on 23 January 1986, after the draft finalized by the Computers, Business Machines and Calculators Sectional Committee had been approved by the Electronics and Telecommunication Division Council.

0.2 The computer system ( equipment, software, and information stored and under process ) needs to be protected against intentional or accidental damage, loss, mutilation, etc. The processed information provided by computer systems is generally accepted without any doubt, and often a deliberate or accidental manipulation may go undetected. Moreover, the sensitive electronic equipment and magnetically stored information can be accessed or damaged from remote locations by tapping of communication channels.

0.3 It is obvious, therefore, that the security measures taken in a computer environment would require more attention than any other physical facilities. While security of physical facilities could be ensured through protective mechanisms devised over the years, such time tested procedures do not exist in respect of computer environments. Many organizations are yet to realise that computer systems are important corporate property and should be protected from exploitation.

0.4 In a computer environment, any activity ( whether accidental or intentional ) which endangers the security of accurate, speedy, and timely information is detrimental to the functioning of the management. Thus all actions taken to prevent mutilation, corruption, delay, loss, fraud and the like could be considered under security of a computer complex.

0.5 All security measures aim at achieving integrity, secrecy and security. Such measures adopt a philosophy of, firstly, minimising probability of occurrence, secondly, minimising loss and damage if they occur and lastly, evolving recovery plans and contingency measures to recover lost or mutilated data.

IS : 11713 ( Part 3 ) - 1986

1. SCOPE

1.1 This standard ( Part 3 ) provides guidance for identification of areas that pose a threat to security of computer complex and guidelines to follow at planning stage for improved security.

1.2 It does not cover areas related to data security through system design, operations and similar functions.

2. TERMINOLOGY

2.1 For the purpose of this standard, the terms and definitions as given in IS : 1885 ( Part 52 )* of series shall apply.

*Electrotechnical vocabulary: Part 52 Data processing.

3. ELEMENTS

3.0 The various security considerations in a computer complex may be discussed in three stages:
a) Planning stage,
b) Installation stage, and
c) Operation stage.

3.1 Planning Stage - During the physical planning for the establishment of computer complex, the major factors that would need to be considered are:
a) Vulnerability, and
b) Threat and risk analysis.

3.1.1 Vulnerability - During the planning stage, site of the computer complex assumes an important dimension mainly because, once the complex is sited and established, it would not be possible to relocate that complex easily just because some parts of the complex become vulnerable to unauthorised entry. Therefore, the planner of the computer complex would have to anticipate not only the existing flow of traffic near and around the computer complex ( both pedestrian and vehicular ) but also the growth of traffic over the immediate future ( 5 to 10 years ) during which period the computer complex in its ultimate form would be established. The computer complex could become vulnerable not only to manmade hazards such as war, riots, gherao, threat, fire, etc, but also to natural hazards such as floods, earthquake, fire, etc.
Some of the steps that could be taken to guard against such hazards would be to:
a) avoid locating the computer complex in very busy areas where control of movement of persons is difficult,
b) locate the computer complex away from rivers, drains, etc, which could cause damage due to floods,
c) avoid locating the computer complex in areas which are fire prone, such as saw-mills, fuel godowns, gas factory and so on, and
d) take any other additional measures which would prevent unauthorised entry into computer complex.

3.1.2 Threat and Risk Analysis - Every effort must be made to assess, right at the planning stage itself, the extent of threat to the computer complex that is likely to occur. It is also important that the planner of a computer complex anticipate the risk involved in the siting, layout, actual building, operation, etc, of the computer complex. Threat to a computer complex could be posed not only by external sources but also internal ones, such as disgruntled staff who could sabotage the efforts of the organization. Accordingly, the concerned organization runs the risk of losing its computer-associated facilities due to acts of commission and omission by its own staff also. Even though it may be a difficult task, an attempt must be made to study the extent of threat to security in every segment of the complex in order that one may arrive at various levels of danger. Such a study will also highlight the risks involved in the siting, layout, etc, of the computer complex. Thus, a systematic threat and risk analysis would facilitate the formulation of preventive steps and articulation of contingency and recovery plans. Any attempt at conduct of threat and risk analysis for a computer complex must take note of the cost that is likely to be involved in conducting such an analysis.

Threat and risk analysis is concerned with the identification, measurement and control of uncertain events with the aim of taking decisions with regard to protection against damage, loss, etc. Such analysis must also result in formulation of contingency measures and recovery plans. Threat and risk analysis study must include the following facts:
a) Value of the installation,
b) Likely value in terms of money and time to the recipient(s) of data,
c) Existing safeguards, and
d) Impact on the organization due to factors other than time and money.
A check list of possible threats to security of a computer complex at the time of planning is given at Appendix A. It would be appropriate to record the various facets of threat and risk analysis and other associated measures in the form of security standing orders. Some of the sections in such security standing orders could be as given at Appendix B.

3.2 Installation Stage - Having planned the siting of a computer complex as well as other associated matters, it would be necessary to incorporate various security measures even at the time of installation of computer and associated equipment. Two major factors that are likely to have an important bearing on security of the computer complex during the installation stage are accessibility during installation and layout adopted.

3.2.1 Accessibility - If appropriate measures are not taken to prevent unauthorised personnel from entering the computer during the installation phase, it is likely that such personnel could:
a) install monitoring devices such that when the computer programmes become operational, their activity could be detected through monitors; and
b) observe the security measures being taken in the computer complex at the installation phase and use such knowledge when the system becomes operational.

To avoid unauthorised persons seeking entry into the computer complex at the time of installation, it is necessary to adopt the principle of 'need to know'.

3.2.2 Layout - While the layout of physical devices in a computer room above ground could be observed at any point of time during the operational stage of the computer complex, layout of cables under false flooring is not normally visible to the naked eye. Therefore, it would be a good policy not to divulge the cable routing pattern during the installation phase to persons who need not know about the same.
3.2.3 In addition to the steps taken with regard to accessibility and layout, it would be appropriate to effectively implement orders with regard to the following:
a) Approach to the computer centre, and
b) Policy on entry.

Further, installation of alarms, safety devices, fire fighting equipment, etc, also assumes a special significance during this stage itself.

3.3 Operational Stage - Many of the threats to security of computer complex occur actually during the physical running of a computer system. It behoves the computer centre management to avoid becoming complacent in the hope that the centre has been well planned and laid out to prevent loss of security.

3.3.1 During the operational stage, not only would preventive steps pose a problem but recovery and contingency measures would also become very important. Therefore, it would be appropriate to draw up security standing orders for the computer complex as given in Appendix B. These orders must clearly spell out the hierarchy of controls within the organization primarily from the point of view of security.

3.3.2 Once the computer system has been installed and work with it has started, it is absolutely essential that periodic inspection of the various facilities is resorted to with a view to ensuring that the various components function according to their designated duties. Such periodic inspection must also incorporate an element of realism by introducing ( with full prior knowledge of concerned management personnel ) occurrence of loss, mutilation, etc. Such inspections would reveal any possible lapses in the security arrangements within the organization.

3.3.3 Monitoring, evaluation and review of the various security measures undertaken by the organization during the actual operation of the system become very crucial. Monitoring mechanisms must be installed without undue publicity. It is quite likely that implementation of the security measures might necessitate a complete overhaul of certain procedures and organizational set up. Management of the organization must be advised by the computer centre personnel about the need for such overhaul if found necessary.

4. SECURITY TRAINING

4.1 While orders may be written and communicated to various personnel of the organization, actual implementation would be facilitated by imparting appropriate training to the concerned personnel. Thus, security training assumes an important role during the operational stage. Such training must be made as realistic as possible and the employees being trained must be made to realize the importance of various measures instituted by the management from a security angle. It must be emphasized that a committed employee of an organization is bound to ensure the success of the organization and prevent even his own colleagues from causing loss of security of information ( which is becoming the most important property of management in the modern context ).

APPENDIX A
( Clause 3.1.2 )

CHECK LIST OF THREATS TO SECURITY THAT HAVE TO BE CONSIDERED IN PLANNING A COMPUTER COMPLEX

Table columns: Sl No. (1); Category (2); Threat (3); Applicable to PC (4), LAN (5), MINI (6), MIDI (7), LARG (8).
[ The individual "Y" applicability entries of the table are not recoverable in this copy. ]

1. Hazards: Fire; Storm/Flood; War; Rodents/Pests; Moisture/Seepage; Dust; Temperature; Other catastrophes
2. Hardware: Proper selection; Back-up system; Maintenance
3. Software: Packages; Amendment; Application packages
4. Ancillaries: Media selection; Power supply; Air conditioning
5. Communication: Modems; Frames, line
6. Layout, access: Vulnerability
7. Deliberate action: Looting; Sabotage ( violent like bombs, tapping, etc, or non-violent like erasure )

The following are not necessarily to be considered when planning the complex but will have long term effects if layout is wrong:

8. System: Media damage; Keying in error; Wrong operator action; Data transmission; Improper test run; Playful damage; Invasion of privacy

NOTE
PC = Personal computer
LAN = Local area network
MINI = Mini computer
MIDI = Midi computer
LARG = Large computer

APPENDIX B
( Clauses 3.1.2 and 3.3.1 )

SUGGESTED SECTIONS IN SECURITY STANDING ORDERS IN A COMPUTER COMPLEX

B-1. INTRODUCTION
B-1.1 Reference to threat and risk analysis and other studies; scope, etc.

B-2. PHYSICAL SECURITY
B-2.1 Site policy; layout principles; time frames; layout; environment specifications; services specifications; standby details; guard and picquets duties, etc, passes and controls; where possible action in case of compromise, failures, etc, must be laid down.

B-3. FIRE ORDERS
B-3.1 Action on occurrence, organization, mutual assistance plans, etc; would include alarms, their siting, what to remove and safety of property and life, etc.

B-4. DATA SECURITY
B-4.1 Input criteria ( unique identification, for example, check digit, serial numbering, target dates ); policy on transmission; data preparation policy ( error percentages, batching, hash total, etc ); coding policy and schemes; training for input and coding; validation norms ( manual and closed shop; error correction programmed ); access restrictions; procedures; retention and back up policy; historical data; etc.

B-5. SYSTEM SECURITY
B-5.1 Selection and replacement policy; conversion policies; hardware maintenance; software maintenance; system and program identification; program modification procedures; system initiation and amendment; data base policy; pass-word and security policy.

B-6. COMMUNICATION
B-6.1 Protocol policy; procedure for acquiring and releasing data circuits; monitoring policy; measures to inhibit tapping/eavesdropping; encryption policy, if applicable; speeds of operation; detection and rectification of breakdowns, etc.

B-7. PRIVACY
B-7.1 Government regulations and organization's policy; authentication procedure; documentation, etc.

B-8. ORGANIZATION
B-8.1 Hierarchy of control; reporting mode; officiating arrangements in case of absence; job specifications, etc.